5.4

CVE-2012-4298

Exploit
Integer signedness error in the vwr_read_rec_data_ethernet function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to execute arbitrary code via a crafted packet-trace file that triggers a buffer overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SunSunos Version5.11
WiresharkWireshark Version1.8.0
WiresharkWireshark Version1.8.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.01% 0.924
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.4 5.5 6.4
AV:A/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/54425
http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml
http://secunia.com/advisories/50276
http://secunia.com/advisories/51363
http://www.securityfocus.com/bid/55035
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3
https://hermes.opensuse.org/messages/15514562
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7533
http://anonsvn.wireshark.org/viewvc/trunk/wiretap/vwr.c?r1=44075&r2=44074&pathrev=44075
Patch
Exploit
http://anonsvn.wireshark.org/viewvc?revision=44075&view=revision
http://www.wireshark.org/security/wnpa-sec-2012-25.html
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15777